Persistence and Lateral Movement
Staying in and moving across accounts.
Staying In and Moving Across
After escalation, attackers want durable access and reach across the environment. In the cloud, persistence and lateral movement use identity and configuration, not implants on disk.
- Persistence: survive credential rotation and detection.
- Lateral movement: pivot across accounts, roles, and services.
Identity-Based Persistence
The simplest persistence is creating new credentials you control.
- Create an extra access key on a privileged user.
- Add a login profile (console password) to a service account.
- Register an additional credential on a service principal (Azure) or a service-account key (GCP).
# AWS: add a second access key to a target user
aws iam create-access-key --user-name admin
# GCP: mint a long-lived key for a service account
gcloud iam service-accounts keys create k.json --iam-account priv@proj.iam.gserviceaccount.com
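Detection side of the AWS cases above, as an added example (not part of the original lesson): a scan of CloudTrail IAM records for `CreateAccessKey` and `CreateLoginProfile` calls that match the listed persistence patterns. The sample records, the user names and the `service_accounts` parameter are constructed assumptions.

```python
import json

# Constructed CloudTrail-style records (not real logs); field names follow IAM events.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime":"2024-01-01T10:00:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey",
  "userIdentity":{"type":"IAMUser","userName":"alice"},"requestParameters":null},
 {"eventTime":"2024-01-01T10:05:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey",
  "userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/dev/s1"},
  "requestParameters":{"userName":"admin"}},
 {"eventTime":"2024-01-01T10:06:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateLoginProfile",
  "userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::111122223333:assumed-role/dev/s1"},
  "requestParameters":{"userName":"svc-deploy"}},
 {"eventTime":"2024-01-01T10:07:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey",
  "userIdentity":{"type":"IAMUser","userName":"mallory"},"errorCode":"AccessDenied",
  "requestParameters":{"userName":"admin"}},
 {"eventTime":"2024-01-01T11:00:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey",
  "userIdentity":{"type":"IAMUser","userName":"alice"},"requestParameters":{"userName":"alice"}}
]""")

WATCHED = {"CreateAccessKey", "CreateLoginProfile"}

def actor_name(event):
    ident = event.get("userIdentity", {})
    # IAM users carry userName; assumed-role sessions are identified by ARN.
    return ident.get("userName") or ident.get("arn", "unknown")

def find_persistence_candidates(events, service_accounts=()):
    """Return (time, event, actor, target, reasons) for suspicious credential creation."""
    findings, keys_created = [], {}
    for ev in events:
        if ev.get("eventSource") != "iam.amazonaws.com" or ev.get("eventName") not in WATCHED:
            continue
        if "errorCode" in ev:  # failed call: no credential was created
            continue
        actor = actor_name(ev)
        # userName is optional in the request; when absent the caller is the target.
        target = (ev.get("requestParameters") or {}).get("userName") or actor
        reasons = []
        if ev["eventName"] == "CreateAccessKey":
            keys_created[target] = keys_created.get(target, 0) + 1
            if actor != target:
                reasons.append("key created for another identity")
            if keys_created[target] > 1:  # counts only keys seen in these logs
                reasons.append("additional key on same user in this window")
        elif target in service_accounts:
            reasons.append("console password added to service account")
        elif actor != target:
            reasons.append("console password set by another identity")
        if reasons:
            findings.append((ev["eventTime"], ev["eventName"], actor, target, reasons))
    return findings
```

The key counter only sees keys created inside the supplied log window, so pair it with an inventory of existing keys per user when triaging.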